Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Many Providers Lack Dedicated Budget For Connected Medical Device Security

Posted on November 5, 2018 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

A new vendor survey has concluded that while most providers haven’t dedicated much of their budget specifically to managing and securing connected devices, most are convinced they have the situation under control.  Rightly or wrongly, this seems to be part of a larger picture in which support for connected health devices hasn’t matured as much of the rest of the IT infrastructure.

The survey, which was conducted by Zingbox, developer of a healthcare Internet of Things analytics platform, collected responses from about 200 healthcare IT professionals in 200 clinical/biomedical engineers in the U.S., weighting results to US census levels for age, gender, region, and income.

According to Zingbox researchers, 87% of healthcare IT professionals responding to the survey said they were confident that their connected medical devices were protected from cyberattacks, and 79% said that their organization had real-time information of which on these devices might be vulnerable to cyberattacks.

Also, 69% said they believe that existing security solutions using secure laptops and servers were capable of securing their connected medical devices. Not surprisingly, the vendor’s report argued that this may not be the case, given that they aren’t designed to support on-device security solutions like anti-virus software, and that the blocking ports or protocols via gateways lead to problems that include device malfunction.

When asked whether their organizations had a budget allocated specifically to securing connected medical devices, 53% said yes, and that the amount was sufficient, while 41% said no, that they didn’t have dollars allocated to the problem or hadn’t set aside enough dollars. (I’d be interested to know how they decided whether their device security was adequate; given the relative youth of this category their standards might be worth a look.)

Meanwhile, roughly 85% of clinical/biomedical engineers said they were confident they had an accurate inventory of connected medical devices in their network, with 64% of respondents noting that such device inventories were completed manually. Thirty-four percent said they did a manual room-to-room audit to get this job done, and about 30% said they did static asset management.

To determine which devices were in use, 55% of respondents said they did so manually, while 38% said they used an automated solution. Of those clinical/biomedical engineers doing manual checks, 28% walk over to the device location to check in person, and 27% find out by contacting someone.

To keep these devices online, 73% of these engineers said they conducted maintenance on a fixed schedule, including 29% that followed manufacturer recommendations, 27% adhering to internal schedules and 17% taking a cue from reseller recommendations.

Beth Israel Deaconess Uses Lessons Learned To Protect Bombing Patient Data

Posted on August 23, 2013 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

When terrorists exploded bombs at the Boston Marathon, Beth Israel Deaconess Medical Center was one of the hospitals that received patients injured in the attack. With world attention focused on the event and its aftermath, it wouldn’t have been surprising if someone managed to breach the patients’ medical information.

But as it turns out, BIDMC was able to keep private not only injured victims’ data, but also information on the condition of bombing suspect Dzhokhar Tsarnaev, reports iHealthBeat.  BIDMC CIO John Halamka told a conference this week that his facility was able to keep sure in part due to lessons learned from a data breach involving a stolen laptop.

During his presentation at the meeting, Halamka explained how the facility tightened up security after a July 2012 incident where a physician’s personal laptop.

The incident, which required  the hospital to notify about 3,900 patients about the data breach, led the hospital to immediately change its encryption policies for any device hospital personnel used that could contain protected health data, iHealthBeat reports. BIDMC also improved security in office buildings and launched a campaign to increase awareness regarding data security.

What’s more, after a second data privacy issue came up, BIDMC retained Deloitte to audit how employees use computers and personal devices.  Deloitte ended up recommending adding messages to portals to remind employees to take care with data; creating 26 new staff positions; deciding which records were the most restricted; and updating doctors’ record access permission when they were given new job titles, iHealthBeat says.

When the Boston Marathon event took place, Halamka was able to build on these precautions. Specifically, he took steps to make sure doctors working in the emergency department weren’t able to access patient records out of curiousity. IT leaders restricted access to the victims’ and Tsarnaev’s data, making employees who did seek access to explain why they did so, iHealthBeat said.

Health data security measures like those at BIDMC are too seldom implemented in full, as the countless reports of data breaches at hospitals demonstrate. But they’re increasingly necessary, particularly as mobile devices bring new layers of risk and health data grows more of a target for criminals. Unfortunately, given the desirability of health data as a target, this is a problem that can only get worse before it gets better.

Are iPads Good For Healthcare? A Few Video Viewpoints

Posted on April 17, 2012 I Written By

Anne Zieger is veteran healthcare branding and communications expert with more than 25 years of industry experience. and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also worked extensively healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Within, say, six months of its introduction, bloggers were already waxing rhapsodic over the potential of the iPad to transform the practice of medicine.

Many industry observers still do see the iPad as one of the defining moments in health IT, and many clinicians couldn’t be parted from their iPad with a crowbar.

But these days, as news of iOS security issues become more widespread, hospitals struggle with integrating iPads into their infrastructure and doctors grow weary of the iPad’s awkward data entry format, the elegant device is making some enemies as well as friends. OK, not enemies, exactly, but for some clinicians and IT leaders that early thrill is gone.

Given how perceptions of the device are shifting, I thought it’d be interesting to take a look at three takes on the iPad today. The first is from a hospital CIO, the second an interview with a doctor an Israeli hospital, and the third with a US physician. Check them out; there’s an interesting range of perspectives here.